RE: Identify ARP

From: gladston@br.ibm.com
Date: Thu May 05 2005 - 09:38:50 GMT-3


It does not work either. At least not on 2500 with 12.2T:

 class-map match-all Test
  match access-group 200
!
 policy-map Test
  class Test
   police cir 1000000
     conform-action set-dscp-transmit af11
     exceed-action drop
     violate-action drop
!
interface Ethernet0
 ip address 172.16.36.100 255.255.255.0 secondary
 ip address 172.16.36.200 255.255.255.0 secondary
 ip address 172.16.36.33 255.255.255.0 secondary
 ip address 172.16.36.3 255.255.255.0
 ip verify unicast source reachable-via rx 130
 ip accounting access-violations
 service-policy input Test
 ip ospf authentication message-digest
 ip ospf message-digest-key 1 md5 cisco
!
access-list 200 permit 0x0806 0x0000

r3#deb arp
ARP packet debugging is on

r3(config)#int e0
r3(config-if)#ip address 172.16.36.133 255.255.255.0 se

*Apr 15 11:32:42.285: IP ARP: rcvd req src 172.16.36.6 0010.7b81.0b76, dst 172.16.36.133 Ethernet0
*Apr 15 11:32:42.289: IP ARP: sent rep src 172.16.36.133 0010.7b80.dc6c, dst 172.16.36.6 0010.7b81.0b76 Ethernet0

r3#sh policy-map interface e0
 Ethernet0

  Service-policy input: Test

    Class-map: Test (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: access-group 200
      police:
          cir 1000000 bps, bc 31250 bytes, be 31250 bytes
        conformed 0 packets, 0 bytes; actions:
          set-dscp-transmit af11
        exceeded 0 packets, 0 bytes; actions:
          drop
        violated 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps, violate 0 bps

    Class-map: class-default (match-any)
      9258 packets, 849624 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any
r3#

It is matching default class. Any ideas?

Cordially,
------------------------------------------------------------------
Gladston

"Brian McGahan" <bmcgahan@internetworkexpert.com>
04/05/2005 12:10

To
Alaerte Gladston Vidali/Brazil/IBM@IBMBR, <ccielab@groupstudy.com>
cc

Subject
RE: Identify ARP

Match it in the layer 2 transit path with EtherType 0x806.

HTH,

Brian McGahan, CCIE #8593
bmcgahan@internetworkexpert.com

Internetwork Expert, Inc.
http://www.InternetworkExpert.com
Toll Free: 877-224-8987 x 705
Outside US: 775-826-4344 x 705
24/7 Support: http://forum.internetworkexpert.com
Live Chat: http://www.internetworkexpert.com/chat/

> -----Original Message-----
> From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of gladston@br.ibm.com
> Sent: Wednesday, May 04, 2005 8:14 AM
> To: ccielab@groupstudy.com
> Subject: Identify ARP
>
> How would you identify ARP packets besides using "match protocol arp"?
>
> I am using match protocol arp on 2550 with 12.2T but it does not match arp packets:
>
> This confirms the router received arp request:
>
>
> *Apr 14 12:02:59.067: IP ARP: rcvd req src 172.16.36.6 0010.7b81.0b76, dst 172.16.36.200 Ethernet0
> *Apr 14 12:02:59.075: IP ARP: sent rep src 172.16.36.200 0010.7b80.dc6c, dst 172.16.36.6 0010.7b81.0b76 Ethernet0
>
> This shows it is not counting on match protocol arp:
>
> r3#sh policy-map interface e0
> Ethernet0
>
> Service-policy input: Test
>
> Class-map: Test (match-all)
> 0 packets, 0 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: protocol arp
> police:
> cir 1000000 bps, bc 31250 bytes, be 31250 bytes
> conformed 0 packets, 0 bytes; actions:
> set-dscp-transmit af11
> exceeded 0 packets, 0 bytes; actions:
> drop
> violated 0 packets, 0 bytes; actions:
> drop
> conformed 0 bps, exceed 0 bps, violate 0 bps
>
> Class-map: class-default (match-any)
> 72 packets, 6928 bytes
> 5 minute offered rate 0 bps, drop rate 0 bps
> Match: any
> r3#
>
> This is the configuration:
>
>
> class-map match-all Test
> match protocol arp
> !
> policy-map Test
> class Test
> police cir 1000000
> conform-action set-dscp-transmit af11
> exceed-action drop
> violate-action drop
> !
> interface Ethernet0
> ip address 172.16.36.100 255.255.255.0 secondary
> ip address 172.16.36.200 255.255.255.0 secondary
> ip address 172.16.36.3 255.255.255.0
> ip verify unicast source reachable-via rx 130
> service-policy input Test
>
>
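
The EtherType match discussed in this thread, as an added example that is not part of the original messages: a Python sketch that evaluates an entry like `access-list 200 permit 0x0806 0x0000` against constructed frames, assuming type-code ACL semantics in which wildcard bits set to 1 are ignored. The ARP request is rebuilt from the addresses in the debug output above; the function names are hypothetical, and the code does not model how IOS applies the list inside a service policy.

```python
import socket
import struct

# Entry from the post: access-list 200 permit 0x0806 0x0000
ACL_200 = [("permit", 0x0806, 0x0000)]

def mac_bytes(cisco_mac):
    """Convert Cisco dotted notation (0010.7b81.0b76) to 6 raw bytes."""
    return bytes.fromhex(cisco_mac.replace(".", ""))

def build_frame(dst_mac, src_mac, etype, payload):
    """Constructed Ethernet II frame: dst MAC, src MAC, EtherType, payload."""
    return dst_mac + src_mac + struct.pack("!H", etype) + payload

def build_arp_request(src_mac, src_ip, target_ip):
    """Constructed ARP request (opcode 1) in a broadcast Ethernet II frame."""
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)
    arp += src_mac + socket.inet_aton(src_ip)
    arp += b"\x00" * 6 + socket.inet_aton(target_ip)
    return build_frame(b"\xff" * 6, src_mac, 0x0806, arp)

def ethertype(frame):
    """Read the 16-bit EtherType at offset 12 of an untagged frame."""
    if len(frame) < 14:
        raise ValueError("truncated Ethernet header")
    return struct.unpack_from("!H", frame, 12)[0]

def acl_action(frame, acl):
    """First matching entry wins; wildcard bits set to 1 are ignored (assumed)."""
    etype = ethertype(frame)
    for action, type_code, wildcard in acl:
        if ((etype ^ type_code) & ~wildcard & 0xFFFF) == 0:
            return action
    return "deny"  # implicit deny at the end of the list

def describe_arp(frame):
    """Return the fields that 'debug arp' prints, or None for non-ARP frames."""
    if ethertype(frame) != 0x0806 or len(frame) < 14 + 28:
        return None
    op = struct.unpack_from("!H", frame, 20)[0]
    sha = frame[22:28].hex()
    return {
        "op": {1: "req", 2: "rep"}.get(op, "other"),
        "src_ip": socket.inet_ntoa(frame[28:32]),
        "src_mac": ".".join(sha[i:i + 4] for i in (0, 4, 8)),
        "dst_ip": socket.inet_ntoa(frame[38:42]),
    }
```

An ARP frame has no IP header, so a classifier that only inspects IP packets never sees it; the decision has to be made on the EtherType field as in `acl_action`.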



This archive was generated by hypermail 2.1.4 : Fri Jun 03 2005 - 10:11:56 GMT-3